Active Members Fi8sVrs Posted October 13, 2017 Active Members Report Share Posted October 13, 2017 # Exploit Title: phpMyFAQ 2.9.8 Stored XSS # Vendor Homepage: http://www.phpmyfaq.de/ # Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip # Exploit Author: Ishaq Mohammed # Contact: https://twitter.com/security_prince # Website: https://about.me/security-prince # Category: webapps # CVE: CVE-2017-14619 1. Description Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14619 2. Proof of Concept Steps to Reproduce: 1. Open the affected link http://localhost/phpmyfaq/admin/?action=config with logged in user with administrator privileges 2. Enter the <marquee onscroll=alert(document.cookie)> in the “Title of your FAQ field” 3. Save the Configuration 4. Login using any other user or simply click on the phpMyFAQ on the top-right hand side of the web portal 3. Solution: The Vulnerability will be fixed in the next release of phpMyFAQ # 0day.today [2017-10-13] # Source: 0day.today 1 Quote Link to comment Share on other sites More sharing options...
